News Archives

Wednesday, June 27, 2018

Complaints Under the GDPR Begin to Mount

Within hours of the General Data Protection Regulation coming into effect, Max Schrems and his non-profit advocacy group, None of Your Business, filed four complaints - one against Facebook, another two against its subsidiaries Instagram and WhatsApp, and a fourth against Google – all claiming that the tech companies coerced their users into accepting their terms and conditions. The complaints were filed with DPAs in Austria, Belgium, France and Hamburg and could lead to fines of €7.6 billion. Later in the month, the French advocacy group La Quadrature du Net filed similar charges with the French DPA against Facebook, Google, Apple, Amazon and LinkedIn. Notably, this is the first time that non-profit organizations are asserting claims to represent data subjects under Article 80 of the GDPR, and also the first time that complaints have being filed in the data subjects’ member states rather than in a company’s European headquarters.Other reports about complaints came from regulators and the International Association of Privacy Professionals. Accordingly to a June 18 statement by Andrea Jelinek, Chair of the European Data Protection Board, she and her colleague DPAs are investigating 24 cross-border complaints involving forced consent. An IAPP survey of regulators found that as of June 25, some 2,944 complaints had been received by 15 DPAs since the GDPR came into effect. However, a break-out of how many of these complaints related to new requirements under the GDPR was not available.